A Bank must have strong internal control frameworks and establish permanent, independent and effective compliance and internal audit functions. The Bank’s compliance function must have primary reporting obligations to the Chief Executive Officer and a right of direct access to the Board or the Board audit committee and/or Board risk committee. The Bank’s internal audit function must report to the Board or the Board audit committee. Governance requirements for internal control, compliance and internal audit are contained in a separate Regulation and Standards issued by the Central Bank.